mirror of
https://github.com/luau-lang/luau.git
synced 2024-11-15 14:25:44 +08:00
15 lines
976 B
Markdown
15 lines
976 B
Markdown
|
# Security Guarantees
|
||
|
|
||
|
Luau provides a safe sandbox that scripts can not escape from, short of vulnerabilities in custom C functions exposed by the host. This includes the virtual machine and builtin libraries.
|
||
|
|
||
|
Any source code can not result in memory safety errors or crashes during its compilation or execution. Violations of memory safety are considered vulnerabilities.
|
||
|
|
||
|
Note that Luau does not provide termination guarantees - some code may exhaust CPU or RAM resources on the system during compilation or execution.
|
||
|
|
||
|
The runtime expects valid bytecode as an input. Feeding bytecode that was not produced by Luau compiler into the VM is not supported and
|
||
|
doesn't come with any security guarantees; make sure to sign the bytecode when it crosses a network or file system boundary to avoid tampering.
|
||
|
|
||
|
# Reporting a Vulnerability
|
||
|
|
||
|
You can report security bugs via [Hackerone](https://hackerone.com/roblox). Please refer to the linked page for rules of the bounty program.
|